[Infowarrior] - PGP Whole Disk Encryption - Barely Acknowledged Intentional Backdoor

Richard Forno rforno at infowarrior.org
Thu Oct 4 22:11:42 UTC 2007


(source Jericho)

"PGP Corporation's widely adopted Whole Disk Encryption product apparently
has an encryption bypass feature that allows an encrypted drive to be
accessed without the boot-up passphrase challenge dialog, leaving data in
a vulnerable state if the drive is stolen when the bypass feature is
enabled. The feature is also apparently not in the documentation that
ships with the PGP product, nor the publicly available documentation on
their website, but only mentioned briefly in the customer knowledge base.
Jon Callas, CTO and CSO of PGP Corp., responded that this feature was
required by unnamed customers and that competing products have similar
functionality."

Links to the articles are here:

http://securology.blogspot.com/2007/10/pgp-whole-disk-encryption-barely.html

http://securology.blogspot.com/2007/10/pgp-whole-disk-encryption-barely.html
#comment-7822943064091432904




More information about the Infowarrior mailing list